27f0006aee59587df771eddd6fe3b049_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

27f0006aee59587df771eddd6fe3b049_JaffaCakes118
Size

320KB
MD5

27f0006aee59587df771eddd6fe3b049
SHA1

40a15d41a4458234b82bf03753fa92d8b4dda214
SHA256

7631ffbc1dcdfc29247fcc0efc5c85a11638814f764d2a47613e01ddd397fe1d
SHA512

596c859fafccd245aa46f20d5cbde7fb61f0f8e29a26a7d4d11f941a09921161810518837f6981f2afaf07f4c3eed9717ebe5a5e4d2e81386a8988a22765b52f
SSDEEP

6144:hHCnx6EkN/P6BxH23okchjqaRIR9GWwDGkDNXsv:hHCnXuP6Bh23okE+YukJsv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27f0006aee59587df771eddd6fe3b049_JaffaCakes118

Files

27f0006aee59587df771eddd6fe3b049_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c5f54a3558647326cbbd3dc1133bfeff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\moivleo\pksd\roi\azees

Imports

comctl32

ImageList_Create
ImageList_BeginDrag
InitMUILanguage
ImageList_SetIconSize
CreatePropertySheetPage
ImageList_LoadImageA
InitCommonControlsEx
ImageList_Replace
ImageList_GetImageInfo
ImageList_Copy
ImageList_Write
ImageList_GetIcon
ImageList_DragLeave
ImageList_LoadImageW
ImageList_AddMasked
ImageList_SetDragCursorImage
ImageList_GetFlags
_TrackMouseEvent
DestroyPropertySheetPage
ImageList_AddIcon
GetEffectiveClientRect
ImageList_Duplicate
CreateUpDownControl
CreateStatusWindow
ImageList_GetIconSize

shell32

SHGetNewLinkInfo
SHQueryRecycleBinW
DragQueryFile

kernel32

GetCurrentThread
LCMapStringA
HeapFree
SetFileAttributesW
GetStdHandle
GetStringTypeW
GetUserDefaultLCID
VirtualFree
GetEnvironmentStrings
HeapSize
GetAtomNameA
IsValidCodePage
UnhandledExceptionFilter
GetDiskFreeSpaceW
GetThreadLocale
GetLocaleInfoW
FreeEnvironmentStringsA
lstrcatA
WriteFile
DeleteCriticalSection
GetTimeZoneInformation
HeapAlloc
CompareStringA
SetHandleCount
CopyFileExA
SystemTimeToFileTime
TlsGetValue
SetWaitableTimer
SetEnvironmentVariableA
TlsFree
WriteConsoleOutputA
LeaveCriticalSection
EnumResourceNamesA
SetFileTime
CommConfigDialogA
CloseHandle
HeapReAlloc
GetVersion
IsValidLocale
VirtualProtect
GetPriorityClass
GetCurrentProcessId
GetTimeFormatA
InterlockedExchange
HeapCreate
EnterCriticalSection
EnumSystemLocalesA
GetStringTypeA
GetTickCount
FlushFileBuffers
RtlZeroMemory
VirtualQuery
GetTempPathA
GetComputerNameW
SetLastError
GlobalGetAtomNameW
WaitCommEvent
ReadConsoleOutputCharacterW
ReadFile
WritePrivateProfileStructA
TerminateProcess
GetEnvironmentVariableA
GlobalUnfix
ExitProcess
RtlUnwind
GetACP
SetStdHandle
CreateFileA
LoadLibraryA
CreateMutexW
WideCharToMultiByte
GetSystemInfo
GetCommandLineA
SetConsoleTitleA
HeapDestroy
IsBadWritePtr
CreateNamedPipeA
GetModuleHandleA
VirtualAlloc
GetSystemTimeAsFileTime
GetLocaleInfoA
OpenMutexA
GetCPInfo
InitializeCriticalSection
GetDateFormatA
GetFileType
GetModuleFileNameA
SetFilePointer
GetConsoleCursorInfo
GetStartupInfoA
GetCurrentThreadId
QueryPerformanceCounter
GetProcAddress
MultiByteToWideChar
RemoveDirectoryA
GlobalReAlloc
CompareStringW
CreateRemoteThread
GetOEMCP
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetUserDefaultLangID
ResumeThread
SetConsoleOutputCP
GetPrivateProfileSectionNamesA
LCMapStringW
TlsAlloc
GetCurrentProcess
TlsSetValue
CreateMutexA
GetVersionExA
GetPrivateProfileSectionA

comdlg32

GetOpenFileNameA

user32

LoadCursorA
CreateIconIndirect
EnumWindows
DlgDirListW
DestroyWindow
GetThreadDesktop
GetWindowTextLengthA
SetWindowPlacement
ChangeDisplaySettingsW
IsCharLowerA
GetOpenClipboardWindow
GetKeyboardLayoutList
SetDlgItemTextW
InvertRect
MapVirtualKeyExW
CharNextExA
MapVirtualKeyExA
LoadAcceleratorsW
SetClassLongW
DestroyIcon
SetDlgItemTextA
GetMenuItemID
UnhookWinEvent
EmptyClipboard
GetKBCodePage
EnumDisplaySettingsExW
DefWindowProcW
GetPriorityClipboardFormat
IsWindow
GetDlgCtrlID
RegisterClassExA
GetDCEx
GetClipCursor
SendNotifyMessageW
CreateWindowExA
DdeReconnect
InternalGetWindowText
EndDeferWindowPos
UnionRect
EnableScrollBar
GetCursorInfo
GetWindowWord
DdeDisconnectList
SendMessageA
SetWindowsHookExW
GetClassNameW
TranslateAcceleratorA
MessageBoxA
WINNLSGetIMEHotkey
EnableWindow
DdeQueryStringW
LoadMenuW
GetMenuItemInfoA
GetMenuDefaultItem
LoadIconW
DrawFrame
SetWindowContextHelpId
GetParent
RegisterClassA
RegisterWindowMessageW
CharToOemA
SetWinEventHook
DdeImpersonateClient
CreateIcon
CreateAcceleratorTableA
ShowWindow
DdeDisconnect

advapi32

RegDeleteValueW
CryptGetProvParam
CryptImportKey
CryptEnumProvidersA
CryptSetProviderExA
CryptEncrypt
GetUserNameA
LookupAccountSidA
CryptExportKey
RegEnumKeyExA
RegQueryValueA
CryptAcquireContextA
RegEnumValueA
CryptSetProviderW
CreateServiceA
RegRestoreKeyA
CryptSetProviderExW
CryptDestroyKey
RegSetValueExA

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5f54a3558647326cbbd3dc1133bfeff

Headers

File Characteristics

PDB Paths

Imports

comctl32

shell32

kernel32

comdlg32

user32

advapi32

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 92KB - Virtual size: 101KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 92KB - Virtual size: 101KB

.rsrc
Size: 16KB - Virtual size: 14KB